AMENDMENT TO CLAIMS

RECEIVED
CENTRAL FAX CENTER
JUN 30 2004

Please amend the following claims as indicated:

1. (Canceled) 

2. (Currently Amended) A computer-implemented process for identifying security
vulnerabilities in a host computer system via a scanner comprising an engine, exploit manager,
resource manager, and built-in exploits, comprising [[including]] the steps of:

[[installing an]] updating a capability of the scanner to conduct vulnerability assessments of
the host computer system by obtaining a pluggable express update package,

wherein the update package is configured as an independent plug-in module that is
separate from the scanner and communicates with the scanner to support the
vulnerability assessments by the scanner, the update package comprising: [[containing:]]

an exploit plug-in module [[containing]] comprising exploit objects[[, which
contain]] for exploits that check the [[a]] host computer system for at least certain ones
of the security vulnerabilities, the exploits representing modifications or updates
to the built-in exploits of the scanner;

a resource plug-in module [[containing]] comprising resource objects[[, which
contain]] representing resources [[that]] which can be used by the scanner, the
resources maintained as resource objects separate from the exploits of the exploit
objects to support an independent updating of the resource objects and the exploit
objects;

a dat file[[.]] comprising [[which contains]] exploit attribute information
defining attribute information for the exploits of the exploit plug-in module, the
exploit attribute information stored in a file separate from the exploit objects to
support an independent updating of the dat file and the exploit objects; and

a help file comprising [[, which contains]] on-line help information about the
exploits of the exploit plug-in module, the help information stored in a file
separate from the exploit objects to support an independent updating of the help
file and the exploit objects on a computer;

supplying the exploit attribute information to [[an]] the exploit manager from [[a]] the dat
file;

passing the exploit objects and the resource objects information from the exploit manager
and the resource manager to an engine of the scanner; and

executing the exploits of the exploit plug-in module at the scanner.

3. (Currently Amended) The computer-implemented process of claim 2, wherein
said resources can be assigned a namespace based upon the resource's scope.

4. (Currently Amended) The computer-implemented process of claim 2, wherein the
[[said]] step of executing exploits comprises [[includes]] the steps of:

running standard built-in exploits of the scanner;

running standard plug-in exploits of the pluggable express update package;

running denial of service plug-in exploits of the pluggable express update package; and

running denial of service built-in exploits of the scanner.

5. (Currently Amended) The computer-implemented process of claim 4, wherein said
steps of running standard and denial of service built-in exploits of the scanner comprises
[[includes]] the steps of:

[[having the engine get]] retrieving one of the built-in exploits at the top of a run-order list
maintained by the scanner;

[[having the engine attempt to]] running the retrieved exploit;

[[if the exploit is run,]] recording the exploit result information to a database and a scanner
log file;

sending the exploit result information to a user interface to display; and

repeating the above steps for the remaining built-in exploits.
6. (Currently Amended) The computer-implemented process of claim 4, wherein the
steps of running standard and denial of service plug-in exploits of the pluggable express
update package comprises [[includes]] the steps of:

[[having the plug-in engine make copies of]] copying from a session object [[the]] a master
exploit list [[(a list of exploits and the resources the exploits produce and consume)]] and a
master resource list [[(a list of resources and the exploits that produce and consume those
resources) from the session object]];

[[getting]] obtaining exploit information from a scanpolicy object for one of the plug-in
[[the first]] exploits;

creating a target object and placing the exploit information in the target object;

passing the target object to [[the]] one of the exploit objects associated with the plug-in

running the plug-in exploit;

adding exploit result information to the target object;

passing the target object back to a plug-in engine of the scanner;

querying the target object for the exploit result information;

recording the exploit result information to a scanner log file and sending the exploit
result information to a user interface; and

repeating the above steps for the remaining plug-in exploits.

7. (Currently Amended) The computer-implemented process of claim 6, wherein said
step of repeating the above steps for the remaining plug-in exploits comprises [[includes]] the
steps of:

running a plug-in exploit[[s]] that neither produces nor consumes shared resources;

running a plug-in exploit[[s]] that only produces at least one of the shared resources;

running a plug-in exploit[[s]] that produces and consumes at least one of the shared
resources; and

running a plug-in exploit[[s]] that only consumes at least one of the shared resources.

8. (Currently Amended) The computer-implemented process of claim 7, wherein said
step of running a plug-in exploit[[s]] that produces and consumes at least one of the shared
resources [[includes]] further comprises the step of ensuring that plug-in exploits that produce at
least one of the shared [[producers of]] resources consumed by the exploit are run before the
plug-in exploit that produces and consumes at least one of the shared resources is run.
9. (Currently Amended) The computer-implemented process of claim 2, further
comprising [[including]] the step of initializing the [[a ]]scanner.

10. (Currently Amended) The computer-implemented process of 9, wherein the step
of initializing a scanner [[includes]] comprises the steps of:

enumerating the exploit plug-in module[[s]] and the resource plug-in module [[and objects]];

enumerating the exploit objects and the resource objects;

running a load security procedure for the exploit and the resource plug-in modules; and

initializing a policy manager comprising at least one security policy that is retrievable by
the engine of the scanner.

11. (Currently Amended) The computer-implemented process of claim 10, wherein the
step of initializing a policy manager comprises [[includes]] the steps of:

[[asking an exploit manager and a resource manager to identify]] identifying available
exploits and available resources;

[[having the exploit manager and the resource manager query the registry for]] identifying
available exploit objects and available resource objects corresponding to the available
exploits and available resources;

[[having the exploit manager and the resource manager create]] generating maps that identify
[[indicating which]] the exploit and the resource plug-in modules containing the available exploit
objects and the available resource objects;

[[having a policy manager ask the exploit manager and resource manager for the available
exploit objects and common-setting resource objects;]]

creating the available exploit objects and the common-setting resource objects; and

[[having the policy manager query]] querying the available exploit objects and the common-
setting resource objects.

12. (Currently Amended) The computer-implemented process of claim 2, further
comprising [[including]] the step of [[getting]] receiving from a user interface [[license]] a list of host
computer systems the scan engine is authorized to scan, a list of the exploits for execution by the
scanner, [[policy,]] and the identity of at least one host computer system to scan for security
vulnerabilities [[information]].

13-14. (Cancel) 
15. (Currently Amended) The computer-implemented process of claim 2, [[including]]
comprising the steps of:

[[having host-scanning threads]] querying a session manager for available hosts to scan;

[[having the session manager]] querying the session objects for one of the [[next]] available
hosts; and

[[having the session manager]] returning one of the available hosts to a host-scanning
thread.

16. (Canceled) 
17. (New) A computer-implemented process for identifying security vulnerabilities in a
host computer system via a scanner comprising an engine, an exploit manager, a resource 
manager, standard built-in exploits and denial of service built-in exploits, comprising the steps 
of: 

installing an express update package comprising an exploit plug-in module having exploit 
objects representing exploits that check the host computer system for vulnerabilities, the exploits 
comprising standard plug-in exploits and denial of service plug-in exploits; a resource plug-in 
module having resource objects representing resources for use by the scanner; a dat file 
comprising exploit attribute information; and a help file comprising on-line help information; 

supplying the exploit attribute information from the dat file to the exploit manager of the 
scanner; 

passing information about the exploit objects and resource objects from the exploit 
manager and the resource manager to the scanner engine; 

running the standard built-in exploits and the denial of service built-in exploits by the
scanner engine; 

running the standard plug-in exploits and the denial of service plug-in exploits by a plug- 
in engine of the scanner, wherein the step of running the standard plug-in exploits and the denial 
of service plug-in exploits comprises the steps of: 

(a) obtaining copies of a master exploit list and a master resource list from a 
session object; 

(b) obtaining exploit information from a scanpolicy object for an identified one of 
the plug-in exploits; 

(c) creating a target object and placing the exploit information in the target object; 

(d) passing the target object to one of the exploit objects corresponding to the 
identified plug-in exploit; 

(e) running the identified plug-in exploit; 

(f) adding exploit result information to the target object; 

(g) passing the target object to the plug-in engine; 

(h) querying the target object for the exploit result information; 

(i) recording the exploit result information to a scanner log file and sending the 
exploit result information to a user interface; and 

repeating steps (b) - (i) for each of the remaining standard and denial of service 
plug-in exploits. 
18. (New) The computer-implemented process of claim 17, wherein repeating the above
steps for the remaining standard and denial of service plug-in exploits comprises the steps of: 

running standard and denial of service plug-in exploits that neither produce nor consume 
at least one shared resource; 

running standard and denial of service plug-in exploits that only produce at least one 
shared resource; 

running standard and denial of service plug-in exploits that produce and consume at least 
one shared resource; and 

running standard and denial of service plug-in exploits that only consume at least one 
shared resource. 

19. (New) The computer-implemented process of claim 18, wherein said step of running 
standard and denial of service plug-in exploits that produce and consume at least one shared 
resource further comprises the step of ensuring that standard and denial of service plug-in 
exploits that produce at least one shared resource consumed by a particular exploit are run before
the particular exploit is run. 

20. (New) The computer-implemented process of claim 17 further comprising the 
steps of: 

enumerating the exploit plug-in module and the resource plug-in module and the exploit
and the resource objects;

running load security for each of the exploit and resource plug-in modules; and

initializing a policy manager comprising at least one security policy that is retrievable by
the engine of the scanner.

21. (New) The computer-implemented process of claim 20, wherein initializing a policy 
manager comprises the steps of: 

identifying available exploits and available resources; 

identifying available exploit objects and available resource objects corresponding to the 
available exploits and available resources; and 

generating maps that identify the exploit plug-in module and the resource plug-in module 
containing the available exploit objects and the available resource objects. 
22. (New) The computer-implemented process of claim 17, further comprising the step
of receiving from the user interface a list of host computer systems that the scanner is authorized
to scan, a list of exploits to be used to check the host computer system for security
vulnerabilities, and the identity of the host computer system.

23. (New) The computer-implemented process of claim 17, comprising the steps of:

querying a session manager for an identity of at least one host computer system to scan;
and

sending the identity of the at least one host computer system to the scanner engine.



24. (New) A computer-implemented process for identifying security vulnerabilities in a
host computer system via a scanner comprising a policy manager, an engine, an exploit manager 
and a resource manager, comprising the steps of: 

installing an express update package comprising an exploit plug-in module having exploit 
objects representing exploits that check the host computer system for vulnerabilities, the exploits 
comprising standard plug-in exploits and denial of service plug-in exploits; a resource plug-in 
module having resource objects representing resources for use by the scanner; a dat file 
comprising exploit attribute information; and a help file comprising on-line help information; 
initializing the scanner by completing the following steps: 

enumerating the exploit plug-in module and the resource plug-in module and the 
exploit and the resource objects; 

running load security for each of the exploit and resource plug-in modules; and 
initializing the policy manager, wherein the step of initializing the policy manager 
comprises the steps of: 

requesting the exploit manager and the resource manager to identify 
available ones of the exploits and the resources; 

using the exploit manager and the resource manager to query a registry for 
available ones of the exploit objects and the resource objects; 

creating maps by the exploit manager and the resource manager, the maps 
identifying the exploit and resource plug-in modules containing the available 
exploit objects and the available resource objects; 

issuing a request to the exploit manager and the resource manager to 
request the available exploit objects and common-setting resource objects; 

returning the available exploit objects and the common-setting resource 
objects to the policy manager; and

issuing a query from the policy manager to query the available exploit 
objects and the common-setting resource objects for corresponding exploit 
attribute information and resource configuration information; 
supplying the exploit attribute information to the exploit manager from the dat file; 
passing exploit object and resource object information from the exploit manager and the 
resource manager to the scanner engine; and 

executing the exploits at the scanner engine. 
25. (New) The computer-implemented process of claim 24, further comprising the step
of receiving from the user interface a request to scan at least one host computer system for
security vulnerabilities, the request comprising:

a list of host computer systems that the scanner is authorized to scan;

a list of exploits to be used to check the host computer system for security vulnerabilities;
and

the identity of at least one host computer system to scan for security vulnerabilities.

26. (New) The computer-implemented process of claim 24, wherein the scanner further 
comprises built-in exploits comprising standard built-in exploits and denial of service built-in 
exploits.

27. (New) The computer-implemented process of claim 26, wherein the step of
executing exploits at the scanner engine comprises the steps of: 

running the standard built-in exploits of the scanner; 

running the standard plug-in exploits of the express update package; 

running the denial of service plug-in exploits of the express update package; and 

running the denial of service built-in exploits of the scanner. 

28. (New) The computer-implemented process of claim 27, wherein the steps of running 
the standard and denial of service built-in exploits of the scanner comprise the steps of: 

retrieving one of the built-in exploits at the top of a run-order list maintained by the 
scanner; 

running the retrieved built-in exploit; 

recording exploit result information to a database and a log file of the scanner; 
sending the exploit result information to a user interface of the scanner; and 
repeating the above steps for the remaining built-in exploits. 
29. (New) The computer-implemented process of claim 27, wherein the steps of
running the standard and denial of service plug-in exploits comprises the steps of:

creating a target object and placing the exploit attribute information in the target object;
passing the target object to one of the exploit objects; 
running one of the plug-in exploits; 

receiving exploit result information at the target object in response to running the plug-in 
exploit; 

passing the target object back to the engine of the scanner; 

recording the exploit result information to a log file of the scanner and passing the exploit 
result information to a user interface of the scanner; and 

repeating the above steps for the remaining plug-in exploits. 

30. (New) The computer-implemented process of claim 29, wherein repeating the above 
steps for the remaining plug-in exploits comprises the steps of: 

running a plug-in exploit that neither produces nor consumes shared resources;
running a plug-in exploit that only produces at least one shared resource; 
running a plug-in exploit that produces and consumes at least one shared resource; and 
running a plug-in exploit that only consumes at least one shared resource. 

31. (New) The computer-implemented process of claim 30, wherein the step of running 
a plug-in exploit that produces and consumes at least one shared resource further comprises the 
step of ensuring that the plug-in exploits that produce at least one shared resource consumed by
the plug-in exploit are run before the plug-in exploit that produces and consumes at least one 
shared resource is run. 
32. (New) A computer-implemented process for identifying security vulnerabilities in a
host computer system via a scanner comprising an engine, an exploit manager, a resource 
manager, standard built-in exploits and denial of service built-in exploits, and a user interface, 
comprising the steps of: 

updating a capability of the scanner to conduct security vulnerability assessments of the
host computer system by obtaining an update comprising an exploit plug-in module having
exploit objects representing exploits that check the host computer system for vulnerabilities, the
exploits comprising standard plug-in exploits and denial of service plug-in exploits; a resource
plug-in module having resource objects representing resources for use by the scanner; and a file
comprising exploit attribute information;

installing the update as an independent plug-in for operation in connection with the 
scanner; 

supplying the exploit attribute information from the update to the exploit manager of the 
scanner; 

passing information about the exploit objects and resource objects from the exploit 
manager and the resource manager to the scanner engine; 

running the standard built-in exploits and the denial of service built-in exploits at the 
scanner engine; 

running the standard plug-in exploits and the denial of service plug-in exploits at a plug- 
in engine of the scanner, wherein the step of running the standard plug-in exploits and the denial 
of service plug-in exploits comprises the steps of: 

(a) obtaining copies of a master exploit list and a master resource list; 

(b) obtaining host information and selected ones of the resources for an identified 
one of the plug-in exploits; 

(c) providing the host information and the selected resources via a target object to 
one of the exploit objects corresponding to the identified plug-in exploit

(e) running the identified plug-in exploit at the plug-in engine; 

(f) adding scan result information to the target object in response to running the
identified plug-in exploit; 

(g) obtaining the scan result information from the target object for presentation 
via the user interface of the scanner; and 

repeating steps (b) - (g) for each of the remaining standard and denial of service plug-in 
exploits. 
33. (New) The computer-implemented process of claim 32, wherein repeating steps (b)
- (g) for each of the remaining standard and denial of service plug-in exploits comprises the 
steps of: 

running standard and denial of service plug-in exploits that neither produce nor consume
at least one shared resource; 

running standard and denial of service plug-in exploits that only produce at least one 
shared resource; 

running standard and denial of service plug-in exploits that produce and consume at least 
one shared resource; and 

running standard and denial of service plug-in exploits that only consume at least one 
shared resource. 

34. (New) The computer-implemented process of claim 33, wherein said step of running
standard and denial of service plug-in exploits that produce and consume at least one shared 
resource further comprises the step of ensuring that standard and denial of service plug-in 
exploits that produce at least one shared resource consumed by a particular plug-in exploit are 
run before the particular plug-in exploit is run. 

35. (New) The computer-implemented process of claim 32, further comprising the step
of receiving from the user interface: 

a list of host computer systems that the scanner is authorized to scan; 

a list of exploits to be used to check the host computer system for security vulnerabilities, 
wherein the list comprises a selection of built-in and plug-in exploits, said selection made from
the built-in exploits and the master exploit list; and 

the identity of at least one host computer system to scan for security vulnerabilities. 

36. (New) The computer-implemented process of claim 32, comprising the steps of:

querying a session manager for an identity of at least one host computer system to scan;
and

sending the identity of the at least one host computer system to the scanner engine.
37. (New) The computer-implemented process of claim 32 further comprising the
steps of:

enumerating the exploit plug-in module and the resource plug-in module and the exploit
and the resource objects;

running load security for each of the exploit and resource plug-in modules; and

initializing a policy manager comprising at least one security policy that is retrievable by
the scanner engine.

38. (New) The computer-implemented process of claim 37, wherein initializing a policy 
manager comprises the steps of: 

identifying available exploits and available resources; 

identifying available exploit objects and available resource objects corresponding to the 
available exploits and available resources; and

generating maps that identify the exploit plug-in module and the resource plug-in module
containing the available exploit objects and the available resource objects. 
39. (New) A computer-implemented process for identifying security vulnerabilities in a
host computer system via a scanner comprising an engine, an exploit manager, a resource 
manager, standard built-in exploits and denial of service built-in exploits, comprising the steps 
of: 

updating a capability of the scanner to conduct security vulnerability assessments of the
host computer system by obtaining an update comprising an exploit plug-in module having
exploit objects representing exploits that check the host computer system for vulnerabilities, the
exploits comprising standard plug-in exploits and denial of service plug-in exploits; a resource
plug-in module having resource objects representing resources for use by the scanner; and a file
comprising exploit attribute information;

installing the update as an independent plug-in for operation in connection with the
scanner;

supplying the exploit attribute information from the update to the exploit manager of the
scanner;

passing information about the exploit objects and resource objects from the exploit 
manager and the resource manager to the scanner engine;

running the standard built-in exploits and the denial of service built-in exploits at the 
scanner engine; 

running the standard plug-in exploits and the denial of service plug-in exploits at a plug- 
in engine of the scanner, wherein the step of running the standard plug-in exploits and the denial 
of service plug-in exploits comprises the steps of: 

(a) obtaining copies of a master exploit list and a master resource list; 

(b) obtaining host information and selected ones of the resources for an identified
one of the plug-in exploits; 

(c) providing the host information and the selected resources via a target object to 
one of the exploit objects corresponding to the identified plug-in exploit 

(e) running the identified plug-in exploit at the plug-in engine; 

(f) adding scan result information to the target object in response to running the 
identified plug-in exploit; 

(g) obtaining the scan result information from the target object for storage in a 
scanner log file; and 

repeating steps (b) - (g) for each of the remaining standard and denial of service 
plug-in exploits. 
40. (New) The computer-implemented process of claim 39, wherein repeating steps (b)
- (g) for each of the remaining standard and denial of service plug-in exploits comprises the 
steps of: 

running standard and denial of service plug-in exploits that neither produce nor consume 
at least one shared resource; 

running standard and denial of service plug-in exploits that only produce at least one 
shared resources; 

running standard and denial of service plug-in exploits that produce and consume at least 
one shared resource; and 

running standard and denial of service plug-in exploits that only consume at least one 
shared resource. 

41. (New) The computer-implemented process of claim 40, wherein said step of running
standard and denial of service plug-in exploits that produce and consume at least one shared
resource further comprises the step of ensuring that standard and denial of service plug-in
exploits that produce at least one shared resource consumed by a particular plug-in exploit are
run before the particular plug-in exploit is run. 

42. (New) The computer-implemented process of claim 39, further comprising the step 
of receiving from a user interface: 

a list of host computer systems that the scanner is authorized to scan; 

a list of exploits to be used to check the host computer system for security vulnerabilities,
wherein the list comprises a selection of built-in and plug-in exploits, said selection made from
the built-in exploits of the scanner and the master exploit list; and 

the identity of at least one host computer system to scan for security vulnerabilities. 

43. (New) The computer-implemented process of claim 39, further comprising the steps
of:

querying a session manager for an identity of at least one host computer system to scan;
and

sending the identity of the at least one host computer system to the scanner engine.
44. (New) The computer-implemented process of claim 39, further comprising the
steps of:

enumerating the exploit plug-in module and the resource plug-in module and the exploit
and the resource objects;

running load security for each of the exploit and resource plug-in modules; and

initializing a policy manager comprising at least one security policy that is retrievable by
the scanner engine.

45. (New) The computer-implemented process of claim 44, wherein initializing a policy
manager comprises the steps of: 

identifying available exploits and available resources; 

identifying available exploit objects and available resource objects corresponding to the 
available exploits and available resources; and 

generating maps that identify the exploit plug-in module and the resource plug-in module 
containing the available exploit objects and the available resource objects. 
46. (New) A computer-implemented process for identifying security vulnerabilities in a
host computer system via a scanner comprising a policy manager, an engine, an exploit manager
and a resource manager, comprising the steps of: 

updating a capability of the scanner to conduct security vulnerability assessments of the 
host computer system by obtaining an update comprising an exploit plug-in module having 
exploit objects representing exploits that check the host computer system for vulnerabilities, the 
exploits comprising standard plug-in exploits and denial of service plug-in exploits; a resource 
plug-in module having resource objects representing resources for use by the scanner; a dat file 
comprising exploit attribute information; and a help file comprising on-line help information; 
installing the update for use by the scanner; 
initializing the scanner by completing the following steps: 

enumerating the exploit plug-in module and the resource plug-in module and the
exploit and the resource objects;

running load security for each of the exploit and resource plug-in modules; and 
initializing the policy manager, wherein the step of initializing the policy manager 
comprises the steps of: 

identifying available ones of the exploits and the resources; 
identifying the exploit and resource plug-in modules containing the 
available ones of the exploit objects and the resource objects corresponding to the 
available exploits and resources; 

obtaining the available exploit objects and common-setting resource 
objects; and 

querying the available exploit objects and the common-setting resource 
objects for corresponding exploit attribute information and resource configuration 
information; 

supplying the exploit attribute information to the exploit manager from the update 
passing exploit object and resource object information from the exploit manager and the
resource manager to the scanner engine; and

executing the exploits at the scanner engine.
47. (New) The computer-implemented process of claim 46, further comprising the step
of receiving from a user interface a request to scan the host computer system for security
vulnerabilities, the request comprising:

a list of host computer systems that the scanner is authorized to scan;
a list of exploits to be used to check the host computer system for security vulnerabilities, 
the list comprising exploits selected from the available ones of the exploits; and 

the identity of the host computer system to scan for security vulnerabilities. 

48. (New) The computer-implemented process of claim 46, wherein the scanner further
comprises built-in exploits comprising standard built-in exploits and denial of service built-in 
exploits. 

49. (New) The computer-implemented process of claim 48, wherein the step of 
executing exploits at the scanner engine comprises the steps of: 

running the standard built-in exploits of the scanner; 
running the standard plug-in exploits of the update; 
running the denial of service plug-in exploits of the update; and 
running the denial of service built-in exploits of the scanner. 

50. (New) The computer-implemented process of claim 49, wherein the steps of running 
the standard and denial of service built-in exploits of the scanner comprise the steps of: 

retrieving one of the built-in exploits from a list of built-in exploits maintained by the 
scanner; 

running the retrieved built-in exploit against the host computer system; 
recording exploit result information to a database of the scanner; 
sending the exploit result information to a user interface of the scanner; and
repeating the above steps for the remaining built-in exploits. 
51. (New) The computer-implemented process of claim 46, wherein executing the
exploits at the scanner engine comprises the steps of: 

creating a target object and placing the exploit attribute information in the target object; 
passing the target object to one of the exploit objects; 
running one of the plug-in exploits;

receiving exploit result information at the target object in response to running one of the 
plug-in exploits; 

passing the target object back to the scanner engine; 

recording the exploit result information to a log file of the scanner and passing the exploit 
result information to a user interface of the scanner; and

repeating the above steps for the remaining plug-in exploits. 

52. (New) The computer-implemented process of claim 51, wherein repeating the above 
steps for the remaining plug-in exploits comprises the steps of: 

running a plug-in exploit that neither produces nor consumes shared resources; 

running a plug-in exploit that only produces at least one shared resource; 

ensuring that the plug-in exploits that produce at least one shared resource consumed by
the plug-in exploit are run before the plug-in exploit that produces and consumes at least one 
shared resource is run; 

running a plug-in exploit that produces and consumes at least one shared resource; and 

running a plug-in exploit that only consumes at least one shared resource. 
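
The run order recited in claims 7-8, 18-19, 30-31, 33-34, 40-41 and 52 amounts to a four-phase schedule with a dependency sort inside the third phase. The following Python sketch is an added illustration, not part of the filing or of any scanner product; the `Check` class, the `preloaded` parameter, the resource names and the sample checks are all constructed for the example.

```python
"""Four-phase ordering of scanner plug-in checks by shared-resource use."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Check:
    """One plug-in check (hypothetical model of an 'exploit object')."""
    name: str
    produces: frozenset = frozenset()
    consumes: frozenset = frozenset()


class ScheduleError(ValueError):
    """Raised when no valid run order exists."""


def phase_of(check):
    """0 = neither, 1 = only produces, 2 = produces and consumes, 3 = only consumes."""
    if check.produces and check.consumes:
        return 2
    if check.produces:
        return 1
    if check.consumes:
        return 3
    return 0


def order_mixed(mixed):
    """Sort produce-and-consume checks so every producer precedes its consumers."""
    # For each check, the other phase-2 checks that produce something it consumes.
    waiting_on = {
        c.name: {p.name for p in mixed if p is not c and p.produces & c.consumes}
        for c in mixed
    }
    ordered, done, pending = [], set(), list(mixed)
    while pending:
        ready = [c for c in pending if waiting_on[c.name] <= done]
        if not ready:  # everything left waits on something else left: a cycle
            stuck = ", ".join(c.name for c in pending)
            raise ScheduleError(f"circular resource dependency among: {stuck}")
        ordered.extend(ready)
        done.update(c.name for c in ready)
        pending = [c for c in pending if c.name not in done]
    return ordered


def schedule(checks, preloaded=frozenset()):
    """Return checks in run order; `preloaded` names resources that exist up front."""
    names = [c.name for c in checks]
    if len(set(names)) != len(names):
        raise ScheduleError("check names must be unique")
    producible = set(preloaded).union(*(c.produces for c in checks))
    for c in checks:
        missing = c.consumes - producible
        if missing:  # a consumer with no producer would run on absent data
            raise ScheduleError(
                f"{c.name} consumes unproduced resource(s): {sorted(missing)}")
    phases = {0: [], 1: [], 2: [], 3: []}
    for c in checks:
        phases[phase_of(c)].append(c)
    return phases[0] + phases[1] + order_mixed(phases[2]) + phases[3]


# Constructed sample, deliberately listed out of order.
SAMPLE_CHECKS = [
    Check("weak_acl_report", consumes=frozenset({"shares"})),
    Check("share_enum", produces=frozenset({"shares"}),
          consumes=frozenset({"services"})),
    Check("banner_check"),
    Check("service_id", produces=frozenset({"services"}),
          consumes=frozenset({"open_ports"})),
    Check("port_enum", produces=frozenset({"open_ports"})),
]

if __name__ == "__main__":
    for c in schedule(SAMPLE_CHECKS):
        print(phase_of(c), c.name)
```

Rejecting a consumer whose resource nobody produces, and rejecting circular producer/consumer chains, are choices of this sketch; the claims themselves only recite the ordering.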